Have Adobe Flash? Update now against actively-exploited zero-day flaw

As they promised earlier this week, Adobe has released an emergency security update for Flash Player, protecting against a vulnerability (known as CVE-2016-1019) that is being actively exploited by hackers.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

As security firm Proofpoint describes, malicious hackers are exploiting the CVE-2016-1019 vulnerability in Flash to spread the Cerber ransomware via the Magnitude exploit kit.

If you’re not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling “Click to Play”, which stops Flash elements from being rendered in your browser unless you give specific permission.

And remember, Flash isn’t just a security headache for Windows users. This vulnerability is also present in the Mac OS X, Linux and ChromeOS editions of Flash Player.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

12 Responses

I’d like to get rid of Flash completely but what can I do if my old scanner uses a Flash interface? (and of course the company wouldn’t provide a new interface for this old model). P.S. Stupid answer would be “get rid of your old scanner and buy a new one”.

You could try using a browser like Google Chrome as it automatically keeps Flash up-to-date. It is also Chrome-specific so the Flash component wouldn’t work in other browsers. You’d get security and functionality.

If you don’t trust Adobe Flash (and most experts don’t) then you should use Google Chrome exclusively for scanning as that would greatly reduce your potential for compromise.

In this example you’d use Microsoft Edge / Internet Explorer as your primary browser (without Flash installed on your computer) and then when you want to scan something toggle into Google Chrome (which has Flash built in).

The other alternative (assuming you don’t want to buy a new scanner) is to download a reputable scanning app for your mobile phone. You take a picture of the document and, voila, it’s scanned.

Thanks for the timely post, I love your work!!! So… question… why is this latest flash debacle making my head explode “one more time”… Why… Why… WHY!!?? … Why do we still have our mind-boggling dependence on flash, after sooo many years of hearing that flash is on the way out? I’ve been using Tenfourfox for some time now to rebelliously persist in using my over-ten-year-old Power PC mac laptop. I’ve been able to overcome every obstacle, every annoying message over the past few years from various websites, banking, utilities, email, etc. that “your browser is no longer supported,” but the one thorn in my side has been going without flash… vimeo, facebook (omg Mark!) youtube… youtube has been the best, as there has been a large proportion of content that via html-5 video (right?) I can still use, but even on youtube I frequently get the “not supported” wienie-slap… boo!… So why, if according to countless tech articles for YEARS now announcing that everything points to a happy transition to a flashless universe, it just won’t GOAWAY!!?? (cue mad muttering in the attic noises…)

I am thoroughly fed up with Flash too. Click to Play helps to manage the risk but I would rather not have Flash installed at all. After all this time you would think they would take the hint and learn how to code securely and security test their products before each release, if only to protect their future business. I use Heimdal free to silently patch this and some other problemware at startup, but a Flash-free PC would be even better.

Can anyone tell me if we are supposed to receive a patch for this through Windows Update on Windows 10? Only I’ve not received updates for this, and I don’t quite understand why not at this late stage.

You need to manually update Flash if it is installed at all; it won’t be pushed out via Windows Update.

Hi Bob, I only have Flash that is built into Internet Explorer 11, which Windows Update will often send patches out for. Other forums are saying there is still no actual official fix yet from Microsoft.

If I uninstall Flash, what takes its place? For instance, I have Flash set to Click To Play and when I am uploading photos to Shutterfly, it asks me to activate Adobe Flash. If I uninstall the Flash player, will that affect uploading?